package edu.song.yeb.boot.config.security;

import edu.song.yeb.boot.domain.Admin;
import edu.song.yeb.boot.service.AdminService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

//@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private LoginUserService loginUserService;

    @Resource  //jwt登录验证拦截器
    private JwtAuthencationTokenFilter jwtAuthencationTokenFilter;

    @Resource   //未登录拦截器
    private RestAuthorizationEntryPoint authorizationEntryPoint;

    @Resource  //权限不足或token失效
    private RestfulAccessDeniedHandler accessDeniedHandler;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(this.loginUserService)
                .passwordEncoder(this.passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/login",
                "/logout",
                "/css/**",
                "/js/**",
                "/index.html",
                "favicon.ico",
                "/doc.html",
                "/webjars/**",
                "/swagger-resources/**",
                "/v2/api-docs/**",
                "/captcha",
                "/ws/**");

    }


    //    @Bean
//    @Override
//    protected UserDetailsService userDetailsService() {
//        return username ->{
//            Admin admin = adminService.findAdminByUsername(username);
//            if(admin!=null){
//
//                return admin;
//            }
//            throw new UsernameNotFoundException("账号或密码错误！");
//        };
//    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf()
                .disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
//                .antMatchers("/login", "/logout")
//                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .headers()
                .cacheControl();

         //添加jwt的登录授权拦截器
         http.addFilterBefore(this.jwtAuthencationTokenFilter, UsernamePasswordAuthenticationFilter.class);
         //登录失败、授权失败的错误处理
        http.exceptionHandling()
                 //授权失败
                .accessDeniedHandler(this.accessDeniedHandler)
                .authenticationEntryPoint(this.authorizationEntryPoint);

    }
}
